vendor:
Fake Hit Generator
by:
DigitALL
8.8
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: Fake Hit Generator
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: YES
Related CWE: CVE-2009-4456
CPE: a:fake_hit_generator:fake_hit_generator:2.1
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=41313, https://www.infosecmatter.com/nessus-plugin-library/?id=41421, https://www.infosecmatter.com/nessus-plugin-library/?id=60735, https://www.infosecmatter.com/nessus-plugin-library/?id=44635, https://www.infosecmatter.com/nessus-plugin-library/?id=42015, https://www.infosecmatter.com/nessus-plugin-library/?id=57446, https://www.infosecmatter.com/nessus-plugin-library/?id=58325, https://www.infosecmatter.com/nessus-plugin-library/?id=45372, https://www.infosecmatter.com/nessus-plugin-library/?id=36943, https://www.infosecmatter.com/nessus-plugin-library/?id=38642
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009
Fake Hit Generator Shell Upload Vulnerability
The vulnerability allows an attacker to upload a malicious file to the web server. The vulnerability exists due to insufficient validation of the file type that is being uploaded. An attacker can exploit this vulnerability by uploading a malicious file to the web server.
Mitigation:
The application should validate the file type before uploading it to the web server.
